CS499/579 :: Empirical Computer Security
Fall 2023

Latest Announcements [Full List]


No required textbook. Reading materials will be provided on the course website and/or distributed in class.


This course requires a basic understanding of computer security. You are expected to have taken at least one of the following courses:

  • CS 370 :: Intro to Security
  • CS 312 :: Defense against the Dark Arts


Your final grade for this course will be based on the following scheme:

  • 60%: Research Project
  • 15%: Paper Discussion Lead
  • 15%: Paper Discussion Questions
  • 10%: Class Participation
  • No midterm/final exam.


This schedule is subject to change. Please check back regularly.
Date Topic(s) Before Class Reading/Notes Assignments
Empirical Security 101
Wed 09/27 Administrivia
[Assigned] Research project
Mon 10/02 Empirical Security
- [Optional] SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit. (Slides|Video)
Wed 10/04 Measurement + Ethics
- [Optional] Strategies for Sound Internet Measurement.
- [Optional] ZMap: Fast Internet-wide Scanning and Its Security Applications. (Slides|Video)
- [Optional] Dos and Don'ts of Machine Learning in Computer Security. (Slides|Video)
[Deadline] Presentation signup
Due 10/04 at 9PM PDT (UTC-7)
[Deadline] Submit Project Team
Due 10/06 at 9PM PDT (UTC-7)
Mon 10/09 Security
- [Optional] Perspectives on Security.
- [Optional] Reflections on Trusting Trust.
- [Optional] Running the "Reflections on Trusting Trust" Compiler.
Internet Security
Wed 10/11 Web Tracking - Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016. (Slides|Video)
- The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. (Slides)
Mon 10/16 Web Tracking + DNS - XRay: Enhancing the Web’s Transparency with Differential Correlation. (Slides|Video)
- Building a Dynamic Reputation System for DNS.
Wed 10/18 Public Keys - Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. (Slides|Video)
- The Million-Key Question — Investigating the Origins of RSA Public Keys . (Slides|Video)
[Deadline] Project Proposal
Due 10/18 at 9PM PDT (UTC-7)
Sign up for a proposal meeting.
Mon 10/23 TLS - The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
- The Security Impact of HTTPS Interception.
Wed 10/25 DDoS + Botnets - Inferring Internet Denial-of-Service Activity.
- BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection.
User + Usable Security
Mon 10/30 User Authentication - Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks. (Slides|Video)
- Towards Implicit Visual Memory-Based Authentication. (Slides|Video)
Wed 11/01 Passwords + Spam - The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. (Slides)
- Click Trajectories: End-to-End Analysis of the Spam Value Chain.
Mon 11/06 Social Engineering
- Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale. (Slides|Video)
- Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis. (Slides|Video)
[Deadline] Sign up for a research update meeting.
Wed 11/08 Security Indicators - Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. (Slides|Video)
- Can Voters Detect Malicious Manipulation of Ballot Marking Devices?. (Video)
Software + Systems Security
Mon 11/13 Memory attacks - The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)..
- SoK: Eternal War in Memory.
Wed 11/15 Finding vulnerabilities - Evaluating Fuzz Testing. (Video)
- Before we knew it: An empirical study of zero-day attacks in the real world.
Mon 11/20 IoT - Understanding the Mirai Botnet. (Slides|Video)
- SoK: Security Evaluation of Home-Based IoT Deployments. (Slides|Video)
Wed 11/22 No class Happy Thanksgiving eve!
Mon 11/27 Cyber-Physical Systems - Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. (Video)
- [Optional] Security Analysis of a Full-Body Scanner. (Slides|Video)
Wed 11/29 Intrusion Detection + Side Channels - Data Mining Approaches for Intrusion Detection.
- Timing Analysis of Keystrokes and Timing Attacks on SSH.
- [Optional] Detecting intrustions using system calls: alternative data models.
- [Optional] Anomaly Detection: A Survey.
[Deadline] (Optional) Sign up for a second research update meeting.
Meta Analysis + Wrap up
Mon 12/04 Meta-analysis - Milk or Wine: Does Software Security Improve with Age?.
- A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists.
Wed 12/06 Class Recap
Finals Week
Mon 12/11 Project Presentations Time/Location TBD
Wed 12/13 Project Presentations Time/Location TBD [Deadline] Final project report
Due 12/13 at 9PM PST (UTC-8)